<?php

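/**
 * Front-controller plugin that applies role-based access control before
 * every dispatch.
 *
 * The role is taken from the authenticated identity (property USE_typ) and
 * falls back to 'gosc' (guest) when nobody is logged in. The requested
 * controller name is used as the ACL resource and the action name as the
 * privilege. A request that is not allowed is re-pointed at another
 * controller/action instead of being dispatched as asked.
 *
 * Role and resource identifiers are runtime values and are kept in the
 * application's original language: gosc = guest, klient = client,
 * instruktor = instructor, panel-klienta = client panel,
 * rejestracja = registration.
 */
class Fitnesspk_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    /** @var Zend_Acl|null ACL instance, rebuilt on each preDispatch() call */
    private $acl = null;

    /** @var Zend_Auth|null authentication singleton read in preDispatch() */
    private $auth = null;

    /**
     * Checks the current role against the ACL and reroutes denied requests.
     *
     * Guests that are denied are sent to panel-klienta/rejestracja; every
     * other denied role is sent to index/index.
     *
     * @param Zend_Controller_Request_Abstract $request request about to be dispatched
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $this->acl = $this->buildAcl();

        // Check whether the user has access rights to the requested resource.
        $this->auth = Zend_Auth::getInstance();
        $role = 'gosc';
        if ($this->auth->hasIdentity()) {
            $identity = $this->auth->getIdentity();
            // NOTE(review): USE_typ is assumed to hold one of the role ids
            // registered in buildAcl() - confirm against the identity source.
            $role = $identity->USE_typ;
        }

        $controller = $request->getControllerName();
        $action = $request->getActionName();
        // NOTE(review): the module name is never consulted, so same-named
        // controllers in different modules would share one rule - confirm
        // the application has a single module.

        // Zend_Acl::isAllowed() throws when the role or the resource is not
        // registered. Only 'index', 'panel-klienta' and 'klient' are
        // registered here, so any other controller name (or an unexpected
        // USE_typ value) would raise inside the plugin, and what happens to
        // the request then depends on how the front controller treats plugin
        // exceptions. Treat both cases as an explicit deny so the decision
        // never rests on exception handling. Controllers that must be
        // reachable (an error controller, for instance) have to be registered
        // as resources with their own rules.
        $allowed = is_string($role)
            && $this->acl->hasRole($role)
            && $this->acl->has($controller)
            && $this->acl->isAllowed($role, $controller, $action);

        if ($allowed) {
            return;
        }

        // The reroute targets below are not re-checked against the ACL; both
        // are actions the guest rules already permit.
        if ($role === 'gosc') {
            $request->setControllerName('panel-klienta')
                    ->setActionName('rejestracja');
        } else {
            $request->setControllerName('index');
            $request->setActionName('index');
        }
    }

    /**
     * Builds the application's ACL: roles, resources and rules.
     *
     * Zend_Acl denies anything that has no matching allow rule, so roles
     * only gain access through the allow() calls below or through a parent.
     *
     * @return Zend_Acl
     */
    private function buildAcl()
    {
        $acl = new Zend_Acl();

        // Role hierarchy: klient and instruktor inherit from gosc,
        // admin inherits from klient (and therefore from gosc as well).
        $acl->addRole(new Zend_Acl_Role('gosc'));
        $acl->addRole(new Zend_Acl_Role('klient'), 'gosc');
        $acl->addRole(new Zend_Acl_Role('instruktor'), 'gosc');
        $acl->addRole(new Zend_Acl_Role('admin'), 'klient');

        // One resource per protected controller.
        $acl->add(new Zend_Acl_Resource('index'));
        $acl->add(new Zend_Acl_Resource('panel-klienta'));
        $acl->add(new Zend_Acl_Resource('klient'));

        // Guest: every action of 'index', only 'rejestracja' on
        // 'panel-klienta', nothing on 'klient'.
        $acl->allow('gosc', 'index', null);
        $acl->allow('gosc', 'panel-klienta', array('rejestracja'));
        $acl->deny('gosc', 'klient', null);

        // Client (and admin through inheritance): every action of all three
        // resources. 'instruktor' has no rules of its own, so it keeps guest
        // rights only.
        $acl->allow('klient', 'index', null);
        $acl->allow('klient', 'panel-klienta', null);
        $acl->allow('klient', 'klient', null);

        return $acl;
    }
}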

?>
